Despite the best efforts of federal agencies and the near-constant media coverage of threats, most government cybersecurity initiatives remain reactive. Once a threat is detected, agency teams typically scramble to identify the source of the intrusion and take the necessary steps to mitigate its impact. The nature of the business can make planning and, therefore, budgeting a seemingly impossible task.

Unfortunately, federal IT security professionals’ and program managers’ hands are tied, thanks to limited budgets and time. They worry about the costs and schedules involved in proactively creating a compelling cybersecurity program. Beyond that, they traditionally have not had the necessary tools to develop accurate estimates of what it will take to create these programs. They have been able to make only educated guesses, which leaves them stuck in reactive mode.

Agency project managers need to be able to build and develop their cybersecurity systems just as they would a software project. They need accurate planning and estimation that will allow them to consider timeframes, appropriate staff, potential costs, quality, risk, and other key factors.

This past July marked the first cyber security recall in automotive history. Fiat Chrysler issued a formal voluntary recall of 1.4 million vehicles after security researchers Charlie Miller and Chris Valasek demonstrated to WIRED how they could exploit a software vulnerability in Chrysler’s Uconnect dashboard computers and remotely hack into a 2014 Jeep Grand Cherokee over the Internet, taking over dashboard functions, transmission, steering and brakes. Most notably, they did so from their basement while WIRED author Andy Greenberg was driving the vehicle on the highway!

Though this was the first time an automotive manufacturer issued a recall for cyber security, it’s not the first time security risks have been found in automotive software. As I’ve pointed out in my previous article, “How Much Software Is in Your Car?”, nearly every vehicle less than 30 years old on the road today depends on lots of computer software and thus is potentially vulnerable to hacking, especially newer models that are connected to the Internet.